Diffstat (limited to 'virtual/modules/websites/tools')
16 files changed, 78 insertions, 105 deletions
diff --git a/virtual/modules/websites/tools/cloud/default.nix b/virtual/modules/websites/tools/cloud/default.nix index 7dd5c6e..241b982 100644 --- a/virtual/modules/websites/tools/cloud/default.nix +++ b/virtual/modules/websites/tools/cloud/default.nix | |||
@@ -1,6 +1,8 @@ | |||
1 | { lib, pkgs, config, mylibs, ... }: | 1 | { lib, pkgs, config, myconfig, mylibs, ... }: |
2 | let | 2 | let |
3 | nextcloud = pkgs.callPackage ./nextcloud.nix { inherit (mylibs) checkEnv; }; | 3 | nextcloud = pkgs.callPackage ./nextcloud.nix { |
4 | env = myconfig.env.tools.nextcloud; | ||
5 | }; | ||
4 | 6 | ||
5 | cfg = config.services.myWebsites.tools.cloud; | 7 | cfg = config.services.myWebsites.tools.cloud; |
6 | in { | 8 | in { |
diff --git a/virtual/modules/websites/tools/cloud/nextcloud.nix b/virtual/modules/websites/tools/cloud/nextcloud.nix index b9c8d04..815254b 100644 --- a/virtual/modules/websites/tools/cloud/nextcloud.nix +++ b/virtual/modules/websites/tools/cloud/nextcloud.nix | |||
@@ -1,4 +1,4 @@ | |||
1 | { stdenv, fetchurl, checkEnv, writeText, lib, phpPackages, php }: | 1 | { stdenv, fetchurl, env, writeText, lib, phpPackages, php }: |
2 | let | 2 | let |
3 | nextcloud = let | 3 | nextcloud = let |
4 | buildApp = { appName, version, url, sha256, installPhase ? "mkdir -p $out && cp -R . $out/" }: | 4 | buildApp = { appName, version, url, sha256, installPhase ? "mkdir -p $out && cp -R . $out/" }: |
@@ -96,27 +96,20 @@ let | |||
96 | }; | 96 | }; |
97 | in rec { | 97 | in rec { |
98 | varDir = "/var/lib/nextcloud"; | 98 | varDir = "/var/lib/nextcloud"; |
99 | config_php = | 99 | config_php = writeText "config.php" '' |
100 | assert checkEnv "NIXOPS_NEXTCLOUD_PASSWORD_SALT"; | ||
101 | assert checkEnv "NIXOPS_NEXTCLOUD_DB_USER"; | ||
102 | assert checkEnv "NIXOPS_NEXTCLOUD_DB_PASSWORD"; | ||
103 | assert checkEnv "NIXOPS_NEXTCLOUD_INSTANCE_ID"; | ||
104 | assert checkEnv "NIXOPS_NEXTCLOUD_SECRET"; | ||
105 | assert checkEnv "NIXOPS_NEXTCLOUD_REDIS_DB_INDEX"; | ||
106 | writeText "config.php" '' | ||
107 | <?php | 100 | <?php |
108 | $CONFIG = array ( | 101 | $CONFIG = array ( |
109 | 'instanceid' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_INSTANCE_ID"}', | 102 | 'instanceid' => '${env.instance_id}', |
110 | 'datadirectory' => '/var/lib/nextcloud/', | 103 | 'datadirectory' => '/var/lib/nextcloud/', |
111 | 'passwordsalt' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_PASSWORD_SALT"}', | 104 | 'passwordsalt' => '${env.password_salt}', |
112 | 'debug' => false, | 105 | 'debug' => false, |
113 | 'dbtype' => 'pgsql', | 106 | 'dbtype' => 'pgsql', |
114 | 'version' => '15.0.0.10', | 107 | 'version' => '15.0.0.10', |
115 | 'dbname' => 'webapps', | 108 | 'dbname' => 'webapps', |
116 | 'dbhost' => '/run/postgresql', | 109 | 'dbhost' => '/run/postgresql', |
117 | 'dbtableprefix' => 'oc_', | 110 | 'dbtableprefix' => 'oc_', |
118 | 'dbuser' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_DB_USER"}', | 111 | 'dbuser' => '${env.postgresql.user}', |
119 | 'dbpassword' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_DB_PASSWORD"}', | 112 | 'dbpassword' => '${env.postgresql.password}', |
120 | 'installed' => true, | 113 | 'installed' => true, |
121 | 'maxZipInputSize' => 0, | 114 | 'maxZipInputSize' => 0, |
122 | 'allowZipDownload' => true, | 115 | 'allowZipDownload' => true, |
@@ -127,7 +120,7 @@ let | |||
127 | array ( | 120 | array ( |
128 | 0 => 'cloud.immae.eu', | 121 | 0 => 'cloud.immae.eu', |
129 | ), | 122 | ), |
130 | 'secret' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_SECRET"}', | 123 | 'secret' => '${env.secret}', |
131 | 'appstoreenabled' => false, | 124 | 'appstoreenabled' => false, |
132 | 'appstore.experimental.enabled' => true, | 125 | 'appstore.experimental.enabled' => true, |
133 | 'loglevel' => 0, | 126 | 'loglevel' => 0, |
@@ -147,7 +140,7 @@ let | |||
147 | array ( | 140 | array ( |
148 | 'host' => 'localhost', | 141 | 'host' => 'localhost', |
149 | 'port' => 6379, | 142 | 'port' => 6379, |
150 | 'dbindex' => ${builtins.getEnv "NIXOPS_NEXTCLOUD_REDIS_DB_INDEX"}, | 143 | 'dbindex' => ${env.redis.db_index}, |
151 | ), | 144 | ), |
152 | 'overwrite.cli.url' => 'https://cloud.immae.eu', | 145 | 'overwrite.cli.url' => 'https://cloud.immae.eu', |
153 | 'ldapIgnoreNamingRules' => false, | 146 | 'ldapIgnoreNamingRules' => false, |
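Review bot: `config_php` is still produced with `writeText`, so the password salt, database password and `secret` interpolated at new lines 102–123 land in a Nix store path, which is readable by every local user and is copied along with any closure that references it. Moving from `builtins.getEnv` to `env.*` changes where the values come from, not where they end up. The same applies to the `writeText` bodies in davical.nix, diaspora.nix, mantisbt.nix, mastodon.nix, mediagoblin.nix, roundcubemail.nix, ttrss.nix and wallabag.nix. Consider keeping only non-secret settings in the store and delivering the secret file out of band with restrictive ownership and mode, for example through NixOps `deployment.keys`, with the application reading it at runtime. The dropped `assert checkEnv` lines also mean an empty string in `env` now evaluates without complaint (a missing attribute would presumably still abort evaluation), so a check such as `assert env.secret != "";` is worth keeping.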
diff --git a/virtual/modules/websites/tools/dav/davical.nix b/virtual/modules/websites/tools/dav/davical.nix index cf528ad..4d0639f 100644 --- a/virtual/modules/websites/tools/dav/davical.nix +++ b/virtual/modules/websites/tools/dav/davical.nix | |||
@@ -1,4 +1,4 @@ | |||
1 | { stdenv, fetchurl, gettext, writeText, checkEnv }: | 1 | { stdenv, fetchurl, gettext, writeText, env }: |
2 | let | 2 | let |
3 | awl = stdenv.mkDerivation rec { | 3 | awl = stdenv.mkDerivation rec { |
4 | version = "0.59"; | 4 | version = "0.59"; |
@@ -16,12 +16,9 @@ let | |||
16 | ''; | 16 | ''; |
17 | }; | 17 | }; |
18 | davical = rec { | 18 | davical = rec { |
19 | config = | 19 | config = writeText "davical_config.php" '' |
20 | assert checkEnv "NIXOPS_DAVICAL_DB_PASSWORD"; | ||
21 | assert checkEnv "NIXOPS_DAVICAL_LDAP_PASSWORD"; | ||
22 | writeText "davical_config.php" '' | ||
23 | <?php | 20 | <?php |
24 | $c->pg_connect[] = "dbname=davical user=davical_app host=db-1.immae.eu password=${builtins.getEnv "NIXOPS_DAVICAL_DB_PASSWORD"}"; | 21 | $c->pg_connect[] = "dbname=davical user=davical_app host=db-1.immae.eu password=${env.postgresql.password}"; |
25 | 22 | ||
26 | $c->readonly_webdav_collections = false; | 23 | $c->readonly_webdav_collections = false; |
27 | 24 | ||
@@ -44,7 +41,7 @@ let | |||
44 | 'port' => '389', | 41 | 'port' => '389', |
45 | 'startTLS' => 'yes', | 42 | 'startTLS' => 'yes', |
46 | 'bindDN'=> 'cn=davical,ou=services,dc=immae,dc=eu', | 43 | 'bindDN'=> 'cn=davical,ou=services,dc=immae,dc=eu', |
47 | 'passDN'=> '${builtins.getEnv "NIXOPS_DAVICAL_LDAP_PASSWORD"}', | 44 | 'passDN'=> '${env.ldap.password}', |
48 | 'protocolVersion' => '3', | 45 | 'protocolVersion' => '3', |
49 | 'baseDNUsers'=> array('ou=users,dc=immae,dc=eu', 'ou=group_users,dc=immae,dc=eu'), | 46 | 'baseDNUsers'=> array('ou=users,dc=immae,dc=eu', 'ou=group_users,dc=immae,dc=eu'), |
50 | 'filterUsers' => 'memberOf=cn=users,cn=davical,ou=services,dc=immae,dc=eu', | 47 | 'filterUsers' => 'memberOf=cn=users,cn=davical,ou=services,dc=immae,dc=eu', |
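Review bot: At new line 21 the database password is spliced unescaped into a PHP double-quoted string that is also a libpq connection string, so a value containing `$`, `"`, a backslash or a space is reinterpreted by PHP or by the conninfo parser instead of being used literally. The single-quoted PHP literal at new line 44, and those in nextcloud.nix, mantisbt.nix, roundcubemail.nix and ttrss.nix, break in the same way on a `'` or a backslash. If the way these secrets are generated does not already exclude such characters, enforce it at evaluation time, e.g. `assert builtins.match "[A-Za-z0-9_-]+" env.postgresql.password != null;`, or escape the value for the target syntax before interpolating. The `config` string continues outside both hunks.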
diff --git a/virtual/modules/websites/tools/dav/default.nix b/virtual/modules/websites/tools/dav/default.nix index 201da38..ef9735e 100644 --- a/virtual/modules/websites/tools/dav/default.nix +++ b/virtual/modules/websites/tools/dav/default.nix | |||
@@ -1,7 +1,9 @@ | |||
1 | { lib, pkgs, config, mylibs, ... }: | 1 | { lib, pkgs, config, myconfig, mylibs, ... }: |
2 | let | 2 | let |
3 | infcloud = pkgs.callPackage ./infcloud.nix {}; | 3 | infcloud = pkgs.callPackage ./infcloud.nix {}; |
4 | davical = pkgs.callPackage ./davical.nix { inherit (mylibs) checkEnv; }; | 4 | davical = pkgs.callPackage ./davical.nix { |
5 | env = myconfig.env.tools.davical; | ||
6 | }; | ||
5 | 7 | ||
6 | cfg = config.services.myWebsites.tools.dav; | 8 | cfg = config.services.myWebsites.tools.dav; |
7 | in { | 9 | in { |
diff --git a/virtual/modules/websites/tools/diaspora/default.nix b/virtual/modules/websites/tools/diaspora/default.nix index 8285d6c..b15b9ce 100644 --- a/virtual/modules/websites/tools/diaspora/default.nix +++ b/virtual/modules/websites/tools/diaspora/default.nix | |||
@@ -1,7 +1,8 @@ | |||
1 | { lib, pkgs, config, mylibs, ... }: | 1 | { lib, pkgs, config, myconfig, mylibs, ... }: |
2 | let | 2 | let |
3 | diaspora = pkgs.callPackage ./diaspora.nix { | 3 | diaspora = pkgs.callPackage ./diaspora.nix { |
4 | inherit (mylibs) fetchedGithub checkEnv; | 4 | inherit (mylibs) fetchedGithub; |
5 | env = myconfig.env.tools.diaspora; | ||
5 | }; | 6 | }; |
6 | 7 | ||
7 | cfg = config.services.myWebsites.tools.diaspora; | 8 | cfg = config.services.myWebsites.tools.diaspora; |
diff --git a/virtual/modules/websites/tools/diaspora/diaspora.nix b/virtual/modules/websites/tools/diaspora/diaspora.nix index 961e1f8..39de202 100644 --- a/virtual/modules/websites/tools/diaspora/diaspora.nix +++ b/virtual/modules/websites/tools/diaspora/diaspora.nix | |||
@@ -1,4 +1,4 @@ | |||
1 | { checkEnv, fetchedGithub, stdenv, defaultGemConfig, writeText, bundlerEnv, ruby_2_4, pkgs, cacert }: | 1 | { env, fetchedGithub, stdenv, defaultGemConfig, writeText, bundlerEnv, ruby_2_4, pkgs, cacert }: |
2 | let | 2 | let |
3 | gems = bundlerEnv { | 3 | gems = bundlerEnv { |
4 | name = "diaspora-env"; | 4 | name = "diaspora-env"; |
@@ -30,13 +30,10 @@ let | |||
30 | ''; | 30 | ''; |
31 | propagatedBuildInputs = buildInputs; | 31 | propagatedBuildInputs = buildInputs; |
32 | }); | 32 | }); |
33 | secret_token = assert checkEnv "NIXOPS_DIASPORA_SECRET_TOKEN"; | 33 | secret_token = writeText "secret_token.rb" '' |
34 | writeText "secret_token.rb" '' | 34 | Diaspora::Application.config.secret_key_base = '${env.secret_token}' |
35 | Diaspora::Application.config.secret_key_base = '${builtins.getEnv "NIXOPS_DIASPORA_SECRET_TOKEN"}' | ||
36 | ''; | 35 | ''; |
37 | config = | 36 | config = writeText "diaspora.yml" '' |
38 | assert checkEnv "NIXOPS_DIASPORA_LDAP_PASSWORD"; | ||
39 | writeText "diaspora.yml" '' | ||
40 | configuration: | 37 | configuration: |
41 | environment: | 38 | environment: |
42 | url: "https://diaspora.immae.eu/" | 39 | url: "https://diaspora.immae.eu/" |
@@ -101,7 +98,7 @@ let | |||
101 | skip_email_confirmation: true | 98 | skip_email_confirmation: true |
102 | use_bind_dn: true | 99 | use_bind_dn: true |
103 | bind_dn: "cn=diaspora,ou=services,dc=immae,dc=eu" | 100 | bind_dn: "cn=diaspora,ou=services,dc=immae,dc=eu" |
104 | bind_pw: "${builtins.getEnv "NIXOPS_DIASPORA_LDAP_PASSWORD"}" | 101 | bind_pw: "${env.ldap.password}" |
105 | search_base: "dc=immae,dc=eu" | 102 | search_base: "dc=immae,dc=eu" |
106 | search_filter: "(&(memberOf=cn=users,cn=diaspora,ou=services,dc=immae,dc=eu)(uid=%{username}))" | 103 | search_filter: "(&(memberOf=cn=users,cn=diaspora,ou=services,dc=immae,dc=eu)(uid=%{username}))" |
107 | production: | 104 | production: |
@@ -109,15 +106,13 @@ let | |||
109 | development: | 106 | development: |
110 | environment: | 107 | environment: |
111 | ''; | 108 | ''; |
112 | database_config = | 109 | database_config = writeText "database.yml" '' |
113 | assert checkEnv "NIXOPS_DIASPORA_SQL_PASSWORD"; | ||
114 | writeText "database.yml" '' | ||
115 | postgresql: &postgresql | 110 | postgresql: &postgresql |
116 | adapter: postgresql | 111 | adapter: postgresql |
117 | host: db-1.immae.eu | 112 | host: db-1.immae.eu |
118 | port: 5432 | 113 | port: 5432 |
119 | username: "diaspora" | 114 | username: "diaspora" |
120 | password: "${builtins.getEnv "NIXOPS_DIASPORA_SQL_PASSWORD"}" | 115 | password: "${env.postgresql.password}" |
121 | encoding: unicode | 116 | encoding: unicode |
122 | common: &common | 117 | common: &common |
123 | <<: *postgresql | 118 | <<: *postgresql |
diff --git a/virtual/modules/websites/tools/git/default.nix b/virtual/modules/websites/tools/git/default.nix index f53350e..91aa1d0 100644 --- a/virtual/modules/websites/tools/git/default.nix +++ b/virtual/modules/websites/tools/git/default.nix | |||
@@ -1,6 +1,9 @@ | |||
1 | { lib, pkgs, config, mylibs, ... }: | 1 | { lib, pkgs, config, myconfig, mylibs, ... }: |
2 | let | 2 | let |
3 | mantisbt = pkgs.callPackage ./mantisbt/mantisbt.nix { inherit (mylibs) checkEnv fetchedGithub; }; | 3 | mantisbt = pkgs.callPackage ./mantisbt/mantisbt.nix { |
4 | inherit (mylibs) fetchedGithub; | ||
5 | env = myconfig.env.tools.mantisbt; | ||
6 | }; | ||
4 | gitweb = pkgs.callPackage ./gitweb/gitweb.nix { gitoliteDir = config.services.myGitolite.gitoliteDir; }; | 7 | gitweb = pkgs.callPackage ./gitweb/gitweb.nix { gitoliteDir = config.services.myGitolite.gitoliteDir; }; |
5 | 8 | ||
6 | cfg = config.services.myWebsites.tools.git; | 9 | cfg = config.services.myWebsites.tools.git; |
diff --git a/virtual/modules/websites/tools/git/mantisbt/mantisbt.nix b/virtual/modules/websites/tools/git/mantisbt/mantisbt.nix index c1cb60d..bc2ff3a 100644 --- a/virtual/modules/websites/tools/git/mantisbt/mantisbt.nix +++ b/virtual/modules/websites/tools/git/mantisbt/mantisbt.nix | |||
@@ -1,4 +1,4 @@ | |||
1 | { lib, checkEnv, writeText, stdenv, fetchurl, fetchedGithub }: | 1 | { lib, env, writeText, stdenv, fetchurl, fetchedGithub }: |
2 | let | 2 | let |
3 | mantisbt = let | 3 | mantisbt = let |
4 | plugins = { | 4 | plugins = { |
@@ -18,17 +18,14 @@ let | |||
18 | }; | 18 | }; |
19 | in rec { | 19 | in rec { |
20 | config = | 20 | config = |
21 | assert checkEnv "NIXOPS_MANTISBT_DB_PASSWORD"; | ||
22 | assert checkEnv "NIXOPS_MANTISBT_MASTER_SALT"; | ||
23 | assert checkEnv "NIXOPS_MANTISBT_LDAP_PASSWORD"; | ||
24 | writeText "config_inc.php" '' | 21 | writeText "config_inc.php" '' |
25 | <?php | 22 | <?php |
26 | $g_hostname = 'db-1.immae.eu'; | 23 | $g_hostname = 'db-1.immae.eu'; |
27 | $g_db_username = 'mantisbt'; | 24 | $g_db_username = 'mantisbt'; |
28 | $g_db_password = '${builtins.getEnv "NIXOPS_MANTISBT_DB_PASSWORD"}'; | 25 | $g_db_password = '${env.postgresql.password}'; |
29 | $g_database_name = 'mantisbt'; | 26 | $g_database_name = 'mantisbt'; |
30 | $g_db_type = 'pgsql'; | 27 | $g_db_type = 'pgsql'; |
31 | $g_crypto_master_salt = '${builtins.getEnv "NIXOPS_MANTISBT_MASTER_SALT"}'; | 28 | $g_crypto_master_salt = '${env.master_salt}'; |
32 | $g_allow_signup = OFF; | 29 | $g_allow_signup = OFF; |
33 | $g_allow_anonymous_login = ON; | 30 | $g_allow_anonymous_login = ON; |
34 | $g_anonymous_account = 'anonymous'; | 31 | $g_anonymous_account = 'anonymous'; |
@@ -48,7 +45,7 @@ let | |||
48 | $g_ldap_server = 'ldaps://ldap.immae.eu:636'; | 45 | $g_ldap_server = 'ldaps://ldap.immae.eu:636'; |
49 | $g_ldap_root_dn = 'ou=users,dc=immae,dc=eu'; | 46 | $g_ldap_root_dn = 'ou=users,dc=immae,dc=eu'; |
50 | $g_ldap_bind_dn = 'cn=mantisbt,ou=services,dc=immae,dc=eu'; | 47 | $g_ldap_bind_dn = 'cn=mantisbt,ou=services,dc=immae,dc=eu'; |
51 | $g_ldap_bind_passwd = '${builtins.getEnv "NIXOPS_MANTISBT_LDAP_PASSWORD"}'; | 48 | $g_ldap_bind_passwd = '${env.ldap.password}'; |
52 | $g_use_ldap_email = ON; | 49 | $g_use_ldap_email = ON; |
53 | $g_use_ldap_realname = ON; | 50 | $g_use_ldap_realname = ON; |
54 | $g_ldap_uid_field = 'uid'; | 51 | $g_ldap_uid_field = 'uid'; |
diff --git a/virtual/modules/websites/tools/mastodon/default.nix b/virtual/modules/websites/tools/mastodon/default.nix index 25a389b..98ab9be 100644 --- a/virtual/modules/websites/tools/mastodon/default.nix +++ b/virtual/modules/websites/tools/mastodon/default.nix | |||
@@ -1,7 +1,8 @@ | |||
1 | { lib, pkgs, config, mylibs, ... }: | 1 | { lib, pkgs, config, myconfig, mylibs, ... }: |
2 | let | 2 | let |
3 | mastodon = pkgs.callPackage ./mastodon.nix { | 3 | mastodon = pkgs.callPackage ./mastodon.nix { |
4 | inherit (mylibs) fetchedGithub checkEnv; | 4 | inherit (mylibs) fetchedGithub; |
5 | env = myconfig.env.tools.mastodon; | ||
5 | }; | 6 | }; |
6 | 7 | ||
7 | cfg = config.services.myWebsites.tools.mastodon; | 8 | cfg = config.services.myWebsites.tools.mastodon; |
diff --git a/virtual/modules/websites/tools/mastodon/mastodon.nix b/virtual/modules/websites/tools/mastodon/mastodon.nix index e948852..463de1c 100644 --- a/virtual/modules/websites/tools/mastodon/mastodon.nix +++ b/virtual/modules/websites/tools/mastodon/mastodon.nix | |||
@@ -1,4 +1,4 @@ | |||
1 | { checkEnv, fetchedGithub, stdenv, writeText, pkgs, cacert }: | 1 | { env, fetchedGithub, stdenv, writeText, pkgs, cacert }: |
2 | let | 2 | let |
3 | varDir = "/var/lib/mastodon_immae"; | 3 | varDir = "/var/lib/mastodon_immae"; |
4 | socketsDir = "/run/mastodon"; | 4 | socketsDir = "/run/mastodon"; |
@@ -21,35 +21,26 @@ let | |||
21 | jemalloc which postgresql python3 cacert | 21 | jemalloc which postgresql python3 cacert |
22 | ]; | 22 | ]; |
23 | }); | 23 | }); |
24 | config = | 24 | config = writeText "mastodon_environment" '' |
25 | assert checkEnv "NIXOPS_MASTODON_DB_PASS"; | ||
26 | assert checkEnv "NIXOPS_MASTODON_PAPERCLIP_SECRET"; | ||
27 | assert checkEnv "NIXOPS_MASTODON_SECRET_KEY_BASE"; | ||
28 | assert checkEnv "NIXOPS_MASTODON_OTP_SECRET"; | ||
29 | assert checkEnv "NIXOPS_MASTODON_VAPID_PRIVATE_KEY"; | ||
30 | assert checkEnv "NIXOPS_MASTODON_VAPID_PUBLIC_KEY"; | ||
31 | assert checkEnv "NIXOPS_MASTODON_OTP_SECRET"; | ||
32 | assert checkEnv "NIXOPS_MASTODON_LDAP_PASSWORD"; | ||
33 | writeText "mastodon_environment" '' | ||
34 | REDIS_HOST=localhost | 25 | REDIS_HOST=localhost |
35 | REDIS_PORT=6379 | 26 | REDIS_PORT=6379 |
36 | REDIS_DB=13 | 27 | REDIS_DB=13 |
37 | DB_HOST=/run/postgresql | 28 | DB_HOST=/run/postgresql |
38 | DB_USER=mastodon | 29 | DB_USER=mastodon |
39 | DB_NAME=mastodon | 30 | DB_NAME=mastodon |
40 | DB_PASS=${builtins.getEnv "NIXOPS_MASTODON_DB_PASS"} | 31 | DB_PASS=${env.postgresql.password} |
41 | DB_PORT=5432 | 32 | DB_PORT=5432 |
42 | 33 | ||
43 | LOCAL_DOMAIN=mastodon.immae.eu | 34 | LOCAL_DOMAIN=mastodon.immae.eu |
44 | LOCAL_HTTPS=true | 35 | LOCAL_HTTPS=true |
45 | ALTERNATE_DOMAINS=immae.eu | 36 | ALTERNATE_DOMAINS=immae.eu |
46 | 37 | ||
47 | PAPERCLIP_SECRET=${builtins.getEnv "NIXOPS_MASTODON_PAPERCLIP_SECRET"} | 38 | PAPERCLIP_SECRET=${env.paperclip_secret} |
48 | SECRET_KEY_BASE=${builtins.getEnv "NIXOPS_MASTODON_SECRET_KEY_BASE"} | 39 | SECRET_KEY_BASE=${env.secret_key_base} |
49 | OTP_SECRET=${builtins.getEnv "NIXOPS_MASTODON_OTP_SECRET"} | 40 | OTP_SECRET=${env.otp_secret} |
50 | 41 | ||
51 | VAPID_PRIVATE_KEY=${builtins.getEnv "NIXOPS_MASTODON_VAPID_PRIVATE_KEY"} | 42 | VAPID_PRIVATE_KEY=${env.vapid.private} |
52 | VAPID_PUBLIC_KEY=${builtins.getEnv "NIXOPS_MASTODON_VAPID_PUBLIC_KEY"} | 43 | VAPID_PUBLIC_KEY=${env.vapid.public} |
53 | 44 | ||
54 | SMTP_SERVER=mail.immae.eu | 45 | SMTP_SERVER=mail.immae.eu |
55 | SMTP_PORT=587 | 46 | SMTP_PORT=587 |
@@ -66,7 +57,7 @@ let | |||
66 | LDAP_METHOD=simple_tls | 57 | LDAP_METHOD=simple_tls |
67 | LDAP_BASE="dc=immae,dc=eu" | 58 | LDAP_BASE="dc=immae,dc=eu" |
68 | LDAP_BIND_DN="cn=mastodon,ou=services,dc=immae,dc=eu" | 59 | LDAP_BIND_DN="cn=mastodon,ou=services,dc=immae,dc=eu" |
69 | LDAP_PASSWORD="${builtins.getEnv "NIXOPS_MASTODON_LDAP_PASSWORD"}" | 60 | LDAP_PASSWORD="${env.ldap.password}" |
70 | LDAP_UID="uid" | 61 | LDAP_UID="uid" |
71 | LDAP_SEARCH_FILTER="(&(%{uid}=%{email})(memberOf=cn=users,cn=mastodon,ou=services,dc=immae,dc=eu))" | 62 | LDAP_SEARCH_FILTER="(&(%{uid}=%{email})(memberOf=cn=users,cn=mastodon,ou=services,dc=immae,dc=eu))" |
72 | ''; | 63 | ''; |
diff --git a/virtual/modules/websites/tools/mediagoblin/default.nix b/virtual/modules/websites/tools/mediagoblin/default.nix index 99bdce1..5f60503 100644 --- a/virtual/modules/websites/tools/mediagoblin/default.nix +++ b/virtual/modules/websites/tools/mediagoblin/default.nix | |||
@@ -1,7 +1,8 @@ | |||
1 | { lib, pkgs, config, mylibs, ... }: | 1 | { lib, pkgs, config, myconfig, mylibs, ... }: |
2 | let | 2 | let |
3 | mediagoblin = pkgs.callPackage ./mediagoblin.nix { | 3 | mediagoblin = pkgs.callPackage ./mediagoblin.nix { |
4 | inherit (mylibs) checkEnv fetchedGit fetchedGithub; | 4 | inherit (mylibs) fetchedGit fetchedGithub; |
5 | env = myconfig.env.tools.mediagoblin; | ||
5 | }; | 6 | }; |
6 | 7 | ||
7 | cfg = config.services.myWebsites.tools.mediagoblin; | 8 | cfg = config.services.myWebsites.tools.mediagoblin; |
diff --git a/virtual/modules/websites/tools/mediagoblin/mediagoblin.nix b/virtual/modules/websites/tools/mediagoblin/mediagoblin.nix index e94d8a6..2e62242 100644 --- a/virtual/modules/websites/tools/mediagoblin/mediagoblin.nix +++ b/virtual/modules/websites/tools/mediagoblin/mediagoblin.nix | |||
@@ -1,4 +1,4 @@ | |||
1 | { checkEnv, makeWrapper, stdenv, writeText, fetchurl, fetchedGit, fetchedGithub, which, python3, pkgs, automake, autoconf, nodejs, nodePackages, git, cacert }: | 1 | { env, makeWrapper, stdenv, writeText, fetchurl, fetchedGit, fetchedGithub, which, python3, pkgs, automake, autoconf, nodejs, nodePackages, git, cacert }: |
2 | let | 2 | let |
3 | plugins = { | 3 | plugins = { |
4 | basicsearch = stdenv.mkDerivation (fetchedGithub ./mediagoblin-plugin-basicsearch.json // rec { | 4 | basicsearch = stdenv.mkDerivation (fetchedGithub ./mediagoblin-plugin-basicsearch.json // rec { |
@@ -183,10 +183,7 @@ in | |||
183 | url_scheme = https | 183 | url_scheme = https |
184 | ''; | 184 | ''; |
185 | 185 | ||
186 | mediagoblin_local = | 186 | mediagoblin_local = writeText "mediagoblin_local.ini" '' |
187 | assert checkEnv "NIXOPS_MEDIAGOBLIN_LDAP_PASSWORD"; | ||
188 | assert checkEnv "NIXOPS_MEDIAGOBLIN_SQL_URI"; | ||
189 | writeText "mediagoblin_local.ini" '' | ||
190 | [DEFAULT] | 187 | [DEFAULT] |
191 | data_basedir = "${varDir}" | 188 | data_basedir = "${varDir}" |
192 | 189 | ||
@@ -195,7 +192,7 @@ in | |||
195 | email_sender_address = "mediagoblin@mail.immae.eu" | 192 | email_sender_address = "mediagoblin@mail.immae.eu" |
196 | 193 | ||
197 | #sql_engine = sqlite:///%(data_basedir)s/mediagoblin.db | 194 | #sql_engine = sqlite:///%(data_basedir)s/mediagoblin.db |
198 | sql_engine = ${builtins.getEnv "NIXOPS_MEDIAGOBLIN_SQL_URI"} | 195 | sql_engine = ${env.psql_url} |
199 | 196 | ||
200 | email_debug_mode = false | 197 | email_debug_mode = false |
201 | allow_registration = false | 198 | allow_registration = false |
@@ -232,7 +229,7 @@ in | |||
232 | LDAP_SERVER_URI = 'ldaps://ldap.immae.eu:636' | 229 | LDAP_SERVER_URI = 'ldaps://ldap.immae.eu:636' |
233 | LDAP_SEARCH_BASE = 'dc=immae,dc=eu' | 230 | LDAP_SEARCH_BASE = 'dc=immae,dc=eu' |
234 | LDAP_BIND_DN = 'cn=mediagoblin,ou=services,dc=immae,dc=eu' | 231 | LDAP_BIND_DN = 'cn=mediagoblin,ou=services,dc=immae,dc=eu' |
235 | LDAP_BIND_PW = '${builtins.getEnv "NIXOPS_MEDIAGOBLIN_LDAP_PASSWORD"}' | 232 | LDAP_BIND_PW = '${env.ldap.password}' |
236 | LDAP_SEARCH_FILTER = '(&(memberOf=cn=users,cn=mediagoblin,ou=services,dc=immae,dc=eu)(uid={username}))' | 233 | LDAP_SEARCH_FILTER = '(&(memberOf=cn=users,cn=mediagoblin,ou=services,dc=immae,dc=eu)(uid={username}))' |
237 | EMAIL_SEARCH_FIELD = 'mail' | 234 | EMAIL_SEARCH_FIELD = 'mail' |
238 | [[mediagoblin.plugins.basicsearch]] | 235 | [[mediagoblin.plugins.basicsearch]] |
diff --git a/virtual/modules/websites/tools/tools/default.nix b/virtual/modules/websites/tools/tools/default.nix index d69ccc9..294959c 100644 --- a/virtual/modules/websites/tools/tools/default.nix +++ b/virtual/modules/websites/tools/tools/default.nix | |||
@@ -1,10 +1,13 @@ | |||
1 | { lib, pkgs, config, mylibs, ... }: | 1 | { lib, pkgs, config, myconfig, mylibs, ... }: |
2 | let | 2 | let |
3 | adminer = pkgs.callPackage ../../commons/adminer.nix {}; | 3 | adminer = pkgs.callPackage ../../commons/adminer.nix {}; |
4 | ympd = pkgs.callPackage ./ympd.nix {}; | 4 | ympd = pkgs.callPackage ./ympd.nix {}; |
5 | ttrss = pkgs.callPackage ./ttrss.nix { inherit (mylibs) checkEnv fetchedGithub fetchedGit; }; | 5 | ttrss = pkgs.callPackage ./ttrss.nix { |
6 | roundcubemail = pkgs.callPackage ./roundcubemail.nix { inherit (mylibs) checkEnv; }; | 6 | inherit (mylibs) fetchedGithub fetchedGit; |
7 | wallabag = pkgs.callPackage ./wallabag.nix { inherit (mylibs) checkEnv; }; | 7 | env = myconfig.env.tools.ttrss; |
8 | }; | ||
9 | roundcubemail = pkgs.callPackage ./roundcubemail.nix { env = myconfig.env.tools.roundcubemail; }; | ||
10 | wallabag = pkgs.callPackage ./wallabag.nix { env = myconfig.env.tools.wallabag; }; | ||
8 | 11 | ||
9 | cfg = config.services.myWebsites.tools.tools; | 12 | cfg = config.services.myWebsites.tools.tools; |
10 | in { | 13 | in { |
diff --git a/virtual/modules/websites/tools/tools/roundcubemail.nix b/virtual/modules/websites/tools/tools/roundcubemail.nix index e1653ae..877ea8b 100644 --- a/virtual/modules/websites/tools/tools/roundcubemail.nix +++ b/virtual/modules/websites/tools/tools/roundcubemail.nix | |||
@@ -1,4 +1,4 @@ | |||
1 | { lib, checkEnv, writeText, stdenv, fetchurl }: | 1 | { lib, env, writeText, stdenv, fetchurl }: |
2 | let | 2 | let |
3 | roundcubemail = let | 3 | roundcubemail = let |
4 | plugins = {}; | 4 | plugins = {}; |
@@ -12,12 +12,9 @@ let | |||
12 | install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions | 12 | install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions |
13 | ''; | 13 | ''; |
14 | }; | 14 | }; |
15 | config = | 15 | config = writeText "config.php" '' |
16 | assert checkEnv "NIXOPS_ROUNDCUBEMAIL_PSQL_URL"; | ||
17 | assert checkEnv "NIXOPS_ROUNDCUBEMAIL_SECRET"; | ||
18 | writeText "config.php" '' | ||
19 | <?php | 16 | <?php |
20 | $config['db_dsnw'] = '${builtins.getEnv "NIXOPS_ROUNDCUBEMAIL_PSQL_URL"}'; | 17 | $config['db_dsnw'] = '${env.psql_url}'; |
21 | $config['default_host'] = 'ssl://mail.immae.eu'; | 18 | $config['default_host'] = 'ssl://mail.immae.eu'; |
22 | $config['imap_conn_options'] = array("ssl" => array("verify_peer" => false)); | 19 | $config['imap_conn_options'] = array("ssl" => array("verify_peer" => false)); |
23 | $config['smtp_server'] = 'tls://mail.immae.eu'; | 20 | $config['smtp_server'] = 'tls://mail.immae.eu'; |
@@ -27,7 +24,7 @@ let | |||
27 | 24 | ||
28 | $config['support_url'] = '''; | 25 | $config['support_url'] = '''; |
29 | 26 | ||
30 | $config['des_key'] = '${builtins.getEnv "NIXOPS_ROUNDCUBEMAIL_SECRET"}'; | 27 | $config['des_key'] = '${env.secret}'; |
31 | 28 | ||
32 | $config['plugins'] = array(); | 29 | $config['plugins'] = array(); |
33 | 30 | ||
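Review bot: The context line at new line 19 sets `"verify_peer" => false` in `imap_conn_options`, so the IMAP connection to `ssl://mail.immae.eu` is encrypted but the server certificate is never checked, and the mailbox credentials sent over it are exposed to anything able to answer as that host. Since this commit already touches the same config body, it is a good moment to change the line to `$config['imap_conn_options'] = array("ssl" => array("verify_peer" => true, "verify_peer_name" => true));`, adding a `cafile` entry if the mail server's certificate is not signed by a CA in the system bundle. The config string continues outside the hunks shown.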
diff --git a/virtual/modules/websites/tools/tools/ttrss.nix b/virtual/modules/websites/tools/tools/ttrss.nix index 2659afd..76105be 100644 --- a/virtual/modules/websites/tools/tools/ttrss.nix +++ b/virtual/modules/websites/tools/tools/ttrss.nix | |||
@@ -1,4 +1,4 @@ | |||
1 | { lib, php, checkEnv, writeText, stdenv, fetchedGit, fetchedGithub }: | 1 | { lib, php, env, writeText, stdenv, fetchedGit, fetchedGithub }: |
2 | let | 2 | let |
3 | ttrss = let | 3 | ttrss = let |
4 | plugins = { | 4 | plugins = { |
@@ -52,10 +52,7 @@ let | |||
52 | install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions | 52 | install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions |
53 | ''; | 53 | ''; |
54 | }; | 54 | }; |
55 | config = | 55 | config = writeText "config.php" '' |
56 | assert checkEnv "NIXOPS_TTRSS_DB_PASSWORD"; | ||
57 | assert checkEnv "NIXOPS_TTRSS_LDAP_PASSWORD"; | ||
58 | writeText "config.php" '' | ||
59 | <?php | 56 | <?php |
60 | 57 | ||
61 | define('PHP_EXECUTABLE', '${php}/bin/php'); | 58 | define('PHP_EXECUTABLE', '${php}/bin/php'); |
@@ -72,7 +69,7 @@ let | |||
72 | define('DB_HOST', 'db-1.immae.eu'); | 69 | define('DB_HOST', 'db-1.immae.eu'); |
73 | define('DB_USER', 'ttrss'); | 70 | define('DB_USER', 'ttrss'); |
74 | define('DB_NAME', 'ttrss'); | 71 | define('DB_NAME', 'ttrss'); |
75 | define('DB_PASS', '${builtins.getEnv "NIXOPS_TTRSS_DB_PASSWORD"}'); | 72 | define('DB_PASS', '${env.postgresql.password}'); |
76 | define('DB_PORT', '5432'); | 73 | define('DB_PORT', '5432'); |
77 | 74 | ||
78 | define('AUTH_AUTO_CREATE', true); | 75 | define('AUTH_AUTO_CREATE', true); |
@@ -117,7 +114,7 @@ let | |||
117 | define('LDAP_AUTH_SEARCHFILTER', '(&(memberOf=cn=users,cn=ttrss,ou=services,dc=immae,dc=eu)(|(cn=???)(uid=???)(&(uid:dn:=???)(ou=ttrss))))'); | 114 | define('LDAP_AUTH_SEARCHFILTER', '(&(memberOf=cn=users,cn=ttrss,ou=services,dc=immae,dc=eu)(|(cn=???)(uid=???)(&(uid:dn:=???)(ou=ttrss))))'); |
118 | 115 | ||
119 | define('LDAP_AUTH_BINDDN', 'cn=ttrss,ou=services,dc=immae,dc=eu'); | 116 | define('LDAP_AUTH_BINDDN', 'cn=ttrss,ou=services,dc=immae,dc=eu'); |
120 | define('LDAP_AUTH_BINDPW', '${builtins.getEnv "NIXOPS_TTRSS_LDAP_PASSWORD"}'); | 117 | define('LDAP_AUTH_BINDPW', '${env.ldap.password}'); |
121 | define('LDAP_AUTH_LOGIN_ATTRIB', 'immaeTtrssLogin'); | 118 | define('LDAP_AUTH_LOGIN_ATTRIB', 'immaeTtrssLogin'); |
122 | 119 | ||
123 | define('LDAP_AUTH_LOG_ATTEMPTS', FALSE); | 120 | define('LDAP_AUTH_LOG_ATTEMPTS', FALSE); |
diff --git a/virtual/modules/websites/tools/tools/wallabag.nix b/virtual/modules/websites/tools/tools/wallabag.nix index 0b54fff..22089da 100644 --- a/virtual/modules/websites/tools/tools/wallabag.nix +++ b/virtual/modules/websites/tools/tools/wallabag.nix | |||
@@ -1,12 +1,8 @@ | |||
1 | { stdenv, fetchurl, writeText, checkEnv, phpPackages, php, which }: | 1 | { stdenv, fetchurl, writeText, env, phpPackages, php, which }: |
2 | let | 2 | let |
3 | wallabag = rec { | 3 | wallabag = rec { |
4 | varDir = "/var/lib/wallabag"; | 4 | varDir = "/var/lib/wallabag"; |
5 | parameters = | 5 | parameters = writeText "parameters.yml" '' |
6 | assert checkEnv "NIXOPS_WALLABAG_SQL_PASSWORD"; | ||
7 | assert checkEnv "NIXOPS_WALLABAG_SECRET"; | ||
8 | assert checkEnv "NIXOPS_WALLABAG_LDAP_PASSWORD"; | ||
9 | writeText "parameters.yml" '' | ||
10 | # This file is auto-generated during the composer install | 6 | # This file is auto-generated during the composer install |
11 | parameters: | 7 | parameters: |
12 | database_driver: pdo_pgsql | 8 | database_driver: pdo_pgsql |
@@ -15,7 +11,7 @@ let | |||
15 | database_port: null | 11 | database_port: null |
16 | database_name: webapps | 12 | database_name: webapps |
17 | database_user: wallabag | 13 | database_user: wallabag |
18 | database_password: ${builtins.getEnv "NIXOPS_WALLABAG_SQL_PASSWORD"} | 14 | database_password: ${env.postgresql.password} |
19 | database_path: null | 15 | database_path: null |
20 | database_table_prefix: wallabag_ | 16 | database_table_prefix: wallabag_ |
21 | database_socket: null | 17 | database_socket: null |
@@ -26,7 +22,7 @@ let | |||
26 | mailer_user: null | 22 | mailer_user: null |
27 | mailer_password: null | 23 | mailer_password: null |
28 | locale: fr | 24 | locale: fr |
29 | secret: ${builtins.getEnv "NIXOPS_WALLABAG_SECRET"} | 25 | secret: ${env.secret} |
30 | twofactor_auth: true | 26 | twofactor_auth: true |
31 | twofactor_sender: wallabag@immae.eu | 27 | twofactor_sender: wallabag@immae.eu |
32 | fosuser_registration: false | 28 | fosuser_registration: false |
@@ -52,7 +48,7 @@ let | |||
52 | ldap_bind_requires_dn: true | 48 | ldap_bind_requires_dn: true |
53 | ldap_base: 'dc=immae,dc=eu' | 49 | ldap_base: 'dc=immae,dc=eu' |
54 | ldap_manager_dn: 'cn=wallabag,ou=services,dc=immae,dc=eu' | 50 | ldap_manager_dn: 'cn=wallabag,ou=services,dc=immae,dc=eu' |
55 | ldap_manager_pw: ${builtins.getEnv "NIXOPS_WALLABAG_LDAP_PASSWORD"} | 51 | ldap_manager_pw: ${env.ldap.password} |
56 | ldap_filter: '(&(memberOf=cn=users,cn=wallabag,ou=services,dc=immae,dc=eu))' | 52 | ldap_filter: '(&(memberOf=cn=users,cn=wallabag,ou=services,dc=immae,dc=eu))' |
57 | ldap_admin_filter: '(&(memberOf=cn=admins,cn=wallabag,ou=services,dc=immae,dc=eu)(uid=%s))' | 53 | ldap_admin_filter: '(&(memberOf=cn=admins,cn=wallabag,ou=services,dc=immae,dc=eu)(uid=%s))' |
58 | ldap_username_attribute: uid | 54 | ldap_username_attribute: uid |
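Review bot: `database_password`, `secret` and `ldap_manager_pw` (new lines 14, 25 and 51) are interpolated as unquoted YAML scalars, so a value that begins with a character such as `*`, `&` or `!`, or that contains ` #` or `: `, is parsed as something other than the intended string, or truncated, with no error at build time. Emitting each value as a JSON string is valid YAML and quotes it safely: `database_password: ${builtins.toJSON env.postgresql.password}`, and likewise for the other two. Symfony parameter files also treat `%` as a parameter delimiter, so a literal `%` in a secret would presumably still need doubling; worth confirming against the secrets actually in use.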